
Check if user is enrolled in MFA


#1

Hello there!
I was wondering if there was a way to check if the user is enrolled in MFA - i.e. entered their phone number - inside of a rule? From what I can tell, the user object doesn’t pass around any information other than multifactor: ['guardian'], even though in the raw JSON I can see a guardian_authenticators attribute.


#2

As far as I’m aware, you can’t check if a user is enrolled. What you can do is add a bit of data to app_metadata to signal to the rule that MFA should be required for that user (something like: "mfa_enabled": true). Then deciding to do MFA is as simple as an if statement to check for that particular value.
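
The approach described in this reply, as an added example that is not part of the original post and not Auth0's own code: a rule that prompts for Guardian MFA only when the `mfa_enabled` flag is set in `app_metadata`. The function names and the fail-closed handling of malformed flag values are assumptions of this example; the flag records that MFA is required for the user, not that the user has enrolled.

```javascript
// Added example. "mfa_enabled" is the flag name suggested in the post;
// mfaRequired and requireMfaIfFlagged are hypothetical names.

// Decide from app_metadata whether this login must go through MFA.
function mfaRequired(user) {
  const meta = (user && user.app_metadata) || {};
  // No flag at all: the user was never marked for MFA.
  if (!Object.prototype.hasOwnProperty.call(meta, 'mfa_enabled')) {
    return false;
  }
  // Only an explicit boolean false opts out. Anything else ("yes", 1, null)
  // is treated as a malformed flag and fails closed: MFA is required.
  return meta.mfa_enabled !== false;
}

// Rule body in the (user, context, callback) shape that Auth0 rules use.
function requireMfaIfFlagged(user, context, callback) {
  if (mfaRequired(user)) {
    context.multifactor = {
      provider: 'guardian',
      // Prompt on every login instead of remembering the browser.
      allowRememberBrowser: false
    };
  }
  // Always hand control back so later rules still run.
  callback(null, user, context);
}

// Constructed sample users, only to show the decision for each shape.
const sampleUsers = [
  { email: 'flagged@example.com', app_metadata: { mfa_enabled: true } },
  { email: 'optout@example.com', app_metadata: { mfa_enabled: false } },
  { email: 'nometa@example.com' },
  { email: 'malformed@example.com', app_metadata: { mfa_enabled: 'yes' } }
];

for (const u of sampleUsers) {
  requireMfaIfFlagged(u, {}, (err, user, ctx) => {
    console.log(user.email, ctx.multifactor ? 'MFA required' : 'no MFA');
  });
}
```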


#3

Yeah, we do something like that in a rule, but that gets set to trigger the MFA rule. What we want is to know when the user actually enrolls their phone number through MFA - since the user can trigger MFA but never actually enroll with their phone number.


#4

Haven’t been able to test this yet, but it appears you can set selfServiceEnrollment to false to sort of achieve the same thing: only if a user actually enrolled, the widget will display. Again, haven’t been able to test it.